
Introduction to Mobile Security - Android

Researchers estimate that up to 90% of all applications have at least one vulnerability. While research about mobile applications in particular is scarce, high-profile data thefts like that of the Snapchat user database indicate serious security concerns even for apps that are used by millions.

Mobile applications sit at the intersection of Web services, native APIs and low-level code, which produces a complicated threat model and requires a strong understanding of security in order to create a secure application. This hands-on course introduces developers to the basics of Android application security and to the basic threats and vulnerabilities they should be aware of when designing and coding such applications.

The course includes free access to an interactive online exercise environment for one week, following the course’s completion.

Course agenda:

Weak Server Side Controls

Insecure Data Storage

Insufficient Transport Layer Protection

Unintended Data Leakage

Poor Authorization and Authentication

Broken Cryptography

Client Side Injection

Security Decisions via Untrusted Inputs

Improper Session Handling

Lack of Binary Protections

Development process tips, Q & A

Ideal for: The course is technical and the targeted participants are Android developers who understand the Java programming language, but have no particular experience in Android security.

Prerequisites: Working knowledge of Android platform development.

Participants should bring a laptop/notebook with the Android SDK installed or an Android device (required for the exercises). The former is recommended.

Certificate: Upon successful completion of the course attendees will receive a certificate from ESI CEE.